NAT Query

Answered Question
Jan 18th, 2009

In the below configuration, I would like to know whether the NAT only takes place for connections initiated from the 30.x network on the inside to the 40.x network on the outside, or also the other way round, i.e. for connections originated from the 40.x network to the 30.x network.


interface GigabitEthernet0/0
 ip address 20.20.20.1 255.255.255.0
 ip nat outside

interface Serial0/0/0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside

ip nat inside source static network 30.30.30.0 40.40.40.0 /24

Edison Ortiz Sun, 01/18/2009 - 14:21

ip nat inside source static network 30.30.30.0 40.40.40.0 /24

This command will translate source subnet 30.30.30.0/24 to 40.40.40.0/24 regardless of the destination subnet.

HTH,
__
Edison.

cisco_lite Mon, 01/19/2009 - 01:25

Thank you. One more clarification:

Will the destination subnet of 40.40.40.0/24 be NAT'ed to 30.30.30.0/24 for connections from the outside (i.e. GigabitEthernet) with this configuration?

If not, then what would be the configuration to achieve it?

Regards.

Correct Answer
Edison Ortiz Mon, 01/19/2009 - 08:07

Instead of destination subnet, I will use the term NAT'd subnet.

The NAT'd subnet will be the representation of the internal subnet for devices facing the outside interface. With that said, connections made from the outside towards 40.40.40.0/24 will be translated to 30.30.30.0/24 in the inside as the router keeps a NAT table for reference.

HTH,
__
Edison.

lamav Mon, 01/19/2009 - 08:19

Hi:


It seems as though you are a bit confused -- or maybe I'm just misinterpreting your question.


The 40.x network, as you present it in the command configuration line, is not the destination network. This is not the network that a packet that was generated by a device on the 30.x network is destined for. In other words, this command is not saying "if you come from the 30.x network and are headed for the 40.x network, you will get NATed to some 3rd address block."


The command line is saying that hosts on the 30.x network will be source NATed to an address on the 40.x network. The packet may be destined for the 50.x network, or any other network. Its destination has no bearing on whether the user's source address will be NATed or not -- at least not in this command configuration line.


And the answer to your question is yes, of course, the packet will be reverse NATed after the outside NAT interface receives a response from the destination. The NAT appliance will look at the destination address of the packet it receives, check its NAT table and replace the inside global address on the 40.x network with the inside local address on the 30.x network.


HTH


Victor
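The behaviour Edison and Victor describe, written out as an added Python model of the static network entry on the page (this is not part of the original thread and not IOS code; the Packet/StaticNetworkNat names and the host addresses 30.30.30.7, 40.40.40.7, 50.50.50.1 are constructed for illustration):

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the page's entry:
#   ip nat inside source static network 30.30.30.0 40.40.40.0 /24
# The entry is a one-to-one subnet mapping that the router consults
# for traffic arriving on either NAT interface.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str  # "inside" (Serial0/0/0) or "outside" (GigabitEthernet0/0)


class StaticNetworkNat:
    def __init__(self, local_net: str, global_net: str):
        self.local = ipaddress.ip_network(local_net)   # inside local  (30.x)
        self.glob = ipaddress.ip_network(global_net)   # inside global (40.x)
        assert self.local.prefixlen == self.glob.prefixlen

    def _shift(self, addr: str, from_net, to_net) -> str:
        a = ipaddress.ip_address(addr)
        if a not in from_net:
            return addr  # not covered by this static entry: left untouched
        offset = int(a) - int(from_net.network_address)
        return str(to_net.network_address + offset)

    def translate(self, pkt: Packet) -> Packet:
        if pkt.iface == "inside":
            # inside -> outside: source rewritten local -> global; the
            # destination is never consulted ("regardless of the destination").
            return Packet(self._shift(pkt.src, self.local, self.glob), pkt.dst, "outside")
        # outside -> inside: destination rewritten global -> local. This covers
        # both return traffic and connections an outside host starts itself.
        return Packet(pkt.src, self._shift(pkt.dst, self.glob, self.local), "inside")


NAT = StaticNetworkNat("30.30.30.0/24", "40.40.40.0/24")


def inside_to_outside(src: str, dst: str) -> tuple:
    p = NAT.translate(Packet(src, dst, "inside"))
    return p.src, p.dst


def outside_to_inside(src: str, dst: str) -> tuple:
    p = NAT.translate(Packet(src, dst, "outside"))
    return p.src, p.dst


if __name__ == "__main__":
    print(inside_to_outside("30.30.30.7", "50.50.50.1"))  # ('40.40.40.7', '50.50.50.1')
    print(outside_to_inside("50.50.50.1", "40.40.40.7"))  # ('50.50.50.1', '30.30.30.7')
```

Because the static entry is applied in both directions, the second call models both the reply to an inside-initiated flow and a brand-new connection that an outside host opens towards an inside host via its 40.x address, which is the case cisco_lite asks about.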

lamav Mon, 01/19/2009 - 11:00

There's no confusion across the board. You are the only one who is confused.


What Jon explained to you in detail is exactly what the book explained. The only difference is that Jon took the example to its logical conclusion by telling you what happens when the traffic returns to the source. I did the same for you.


Anyway, it's obvious. How could the source host ever receive return traffic from the destination if the NAT appliance doesn't perform a "reverse" NAT and replace the NAT address with the host's real address?

cisco_lite Mon, 01/19/2009 - 11:35

Please note, we are not discussing the 'return' traffic to the source here. Rather, the issue is about connections originated from other than the source, i.e. other networks connecting to the (inside source) as destination or NAT'ed subnet.


Thanks for your help.
